Deployment
Security
Security settings and operational guardrails for SkyPort.
SkyPort already has security-related configuration in the backend and CLI. The docs should describe those real controls rather than inventing a security product layer.
Important Backend Settings
JWT_SECRETfor API authenticationJWT_EXPIRESfor token lifetimeALLOWED_ORIGINSfor browser accessTRUSTED_PROXIESfor proxy-aware deploymentsSKYPORT_ENCRYPTION_KEYfor encrypted sensitive dataSKYPORT_OPEN_REGISTRATIONto control onboarding
SSH And Remote Access
- prefer key-based SSH where possible
- use strict host verification when you have a stable known_hosts setup
- keep terminal sessions authenticated and short-lived
Proxy And TLS
- expose the UI through HTTPS
- keep reverse proxy mappings tied to real host ports
- use Caddy auto-TLS where appropriate
Safe Documentation Pattern
When documenting security, focus on:
- Which setting exists.
- What it controls.
- What the operator must still do manually.
Next
- Read Production Setup.
- Read Authentication.
